Traffic Analysis: CCNA Instructor Training Course, October 12-17, 2009, Department of Computer Engineering, Kasetsart University 1
Layered Model Revisited: App A, App B; Application Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer 2
OSI Model and TCP/IP: 7 Application, 6 Presentation, 5 Session (Applications); 4 Transport (TCP/UDP); 3 Network (IP); 2 Data Link; 1 Physical 3
TCP/IP Encapsulation: Applications (Message); TCP/UDP (Segment or User Datagram); IP (Packet (Datagram)); Data Link (Frame); Physical (Bits) 4
Data Flow: Applications: Hello; TCP/UDP: H Hello; IP: H H Hello; Data Link: 2 H H Hello T; Physical: 1001101001011101011 5
TCP Segment Format 6
UDP Datagram Format 7
IP Datagram 8
Ethernet Frame: Ethernet Header = Destination Physical Address 00 A0 24 A6 F6 44 (first 6 bytes), Source Physical Address 00 A0 24 A6 F6 59 (second 6 bytes), Type 08 00 (2 bytes); frame layout: Ethernet Header, IP Header, TCP Header, Data, CRC (4 bytes) 9
Regular Ethernet (stations 1, 2, 3, 4): Station 1 transmits to all (broadcast) 10
Regular Ethernet (stations 1, 2, 3, 4), promiscuous mode: Station 1 transmits to station 4 11
Sniffer: Network and protocol analyzer. For network maintenance and troubleshooting. Capture, monitor, analyze, troubleshoot. Example: Etherpeek, Ethereal 12
Ethereal/Wireshark 13
Raw Frame: # of Byte, Raw Frame, ASCII 14
Ethernet Header/Trailer: Ethernet Header = Destination Physical Address 00 A0 24 A6 F6 44 (first 6 bytes), Source Physical Address 00 A0 24 A6 F6 59 (second 6 bytes), Type 08 00 (2 bytes); then IP Header, TCP Header, Data; Ethernet Trailer = CRC (4 bytes) 15
IP Header: Source IP Address 9e 6c 02 45 = 158.108.2.69; Destination IP Address 158.108.135.137 16
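Added example (not part of the original slides): a small Python decoder that performs the Ethernet Header and IP Header walk-through above on raw frame bytes. The sample frame is constructed: the physical addresses, the type 08 00 and the two IP addresses come from the slides; the remaining IP header fields and the zeroed TCP header are assumptions made for illustration.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_IPV4 = 0x0800

def checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (IPv4 header checksum)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, for type 08 00, the IPv4 header."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
           "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return out  # not IP: stop at the data link layer
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0  # IP header length in bytes
    if len(ip) < 20 or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("truncated or malformed IPv4 header")
    out.update(protocol=ip[9],
               src_ip=str(IPv4Address(ip[12:16])),
               dst_ip=str(IPv4Address(ip[16:20])),
               checksum_ok=checksum(ip[:ihl]) == 0)
    return out

def sample_frame() -> bytes:
    """Constructed frame: addresses and type from the slides, rest made up."""
    eth = bytes.fromhex("00a024a6f644" "00a024a6f659" "0800")
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                                bytes.fromhex("9e6c0245"),
                                IPv4Address("158.108.135.137").packed))
    struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))  # fill in checksum
    return eth + bytes(hdr) + bytes(20)  # 20 zero bytes stand in for TCP

if __name__ == "__main__":
    for key, value in parse_frame(sample_frame()).items():
        print(f"{key}: {value}")
```

The checksum_ok field is a quick integrity check when reading captures: it turns False if any IP header byte differs from what the sender computed.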
TCP Header 17
Live Capture: Demo 18